
AWS IAM Policy Least Privilege Analyzer

Cloud security posture tool that audits the `Action` arrays of AWS IAM policies, flags overly permissive wildcards (`*`, `service:*`, `service:Prefix*`) and scores the resulting exposure so that the most dangerous statements can be fixed first.

## Achieving Least Privilege in AWS

A large share of AWS security incidents trace back to overly permissive Identity and Access Management (IAM) policies. A wildcard action such as `s3:*` or `dynamodb:*`, especially when paired with a `Resource` of `*`, grants every API operation in that service across the whole account, including destructive and policy-changing ones such as `s3:DeleteBucket` and `s3:PutBucketPolicy`. If a single set of credentials carrying that policy is leaked, the blast radius is the entire grant, not the one task the principal actually needed.

### FAQ

**Q: What is the Principle of Least Privilege (PoLP)?**
A: PoLP requires that every user, role and system is granted only the permissions needed to perform its specific function, and nothing broader. In IAM terms that means specific actions, specific resource ARNs and, where possible, `Condition` keys that narrow when the grant applies.

**Q: How do I replace wildcards?**
A: Instead of `s3:*`, list only the actions the workload uses, such as `s3:GetObject` and `s3:PutObject`, and constrain them via `Resource` ARNs to specific buckets rather than the account-wide `*` resource. Mind the S3 ARN split: object-level actions (`s3:GetObject`, `s3:PutObject`) take the object ARN `arn:aws:s3:::bucket-name/*`, while bucket-level actions such as `s3:ListBucket` take the bucket ARN `arn:aws:s3:::bucket-name` with no trailing `/*`; a statement that lists the wrong ARN form simply does not grant the action. To find out which actions a principal really uses before rewriting, IAM Access Analyzer can generate a policy from the principal's CloudTrail activity.
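As an added example, not the page's own tool or code, the following Python implements the wildcard audit described at the top of the page and the before/after comparison from the FAQ answer above. It normalises the scalar-or-list forms IAM allows for `Action`, `NotAction` and `Resource`, classifies full, service-wide and partial action wildcards, flags `Resource: "*"` and `Allow` + `NotAction`, and sums a weighted score. The two policies, the severity weights and the `analyze_policy`/`risk_score` names are constructed for the illustration and are assumptions, not anything the page specifies.

```python
import json

# Assumed weights per severity; summed into a per-policy exposure score.
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2}

# Constructed sample policies (not from the original page).
PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    ],
})

SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        # Object-level actions take the object ARN (trailing /*).
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-uploads/*"},
        # Bucket-level actions take the bucket ARN (no trailing /*).
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::app-uploads"},
    ],
})


def _as_list(value):
    """IAM accepts a scalar or a list for Action/NotAction/Resource; normalise to list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _classify_action(action):
    """Return (severity, reason) for a wildcard action, or (None, None) if specific."""
    a = action.lower()  # IAM action names are matched case-insensitively
    if a == "*":
        return "critical", "full wildcard grants every API action in every service"
    if a.endswith(":*"):
        return "high", "service-wide wildcard grants every %s action" % a.split(":")[0]
    if "*" in a or "?" in a:
        return "medium", "partial wildcard matches a family of actions; check for mutating ones"
    return None, None


def analyze_policy(policy_json):
    """Audit Allow statements of an IAM policy document; return a list of findings."""
    doc = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; Allow is what widens it
        sid = stmt.get("Sid", "Statement[%d]" % idx)
        if "NotAction" in stmt:
            findings.append({"sid": sid, "severity": "critical", "target": "NotAction",
                             "detail": "Allow + NotAction grants everything except the listed actions"})
        for action in _as_list(stmt.get("Action")):
            severity, why = _classify_action(action)
            if severity:
                findings.append({"sid": sid, "severity": severity, "target": action, "detail": why})
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                detail = "resource wildcard: statement applies to every ARN in the account"
                if "Condition" not in stmt:
                    detail += " (no Condition block narrows it)"
                findings.append({"sid": sid, "severity": "high", "target": resource, "detail": detail})
    return findings


def risk_score(findings):
    """Weighted exposure score: higher means more to fix first."""
    return sum(SEVERITY_WEIGHT[f["severity"]] for f in findings)


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE_POLICY), ("scoped", SCOPED_POLICY)):
        found = analyze_policy(policy)
        print("%s: %d findings, score %d" % (name, len(found), risk_score(found)))
        for f in found:
            print("  [%s] %s %s: %s" % (f["severity"], f["sid"], f["target"], f["detail"]))
```

Run as a script it prints the six findings for the permissive document (score 27 under the assumed weights) and none for the scoped one. The partial-wildcard class is scored lower than a service wildcard only because `ec2:Describe*` happens to be read-only; a `s3:Put*` would also be "medium" here, so treat that class as a prompt to enumerate the matched actions, not as a pass.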